different crash (was Re: JFFS2 is crashing the kernel)
Adam Wozniak
adam.wozniak at comdev.cc
Wed Jan 16 15:02:25 EST 2002
Got this crash yesterday. gc.c is rev 1.58, nodelist.h is rev 1.59
This is on a PPC system.
Haven't been able to get it to repeat. Any help is appreciated.
--Adam
--------
This one was also running the /work/awozniak/slo-15-jan-2002-B kernel:
Oops: kernel access of bad area, sig: 11
NIP: C0089FDC XER: 00000000 LR: C0089F88 SP: C3A21F10 REGS: c3a21e60
TRAP: 0300
Not tainted
MSR: 00009032 EE: 1 PR: 0 FP: 0 ME: 1 IR/DR: 11
DAR: 00001360, DSISR: 20000000
TASK = c3a20000[11] 'jffs2_gcd_mtd1' Last syscall: -1
last math c39ae000 last altivec 00000000
GPR00: 00001360 C3A21F10 C3A20000 0000002F 00001360 00000001 00000030 C0170000
GPR08: 01A7B414 C0155B1C 00000000 C3A21E30 30018000 100278F4 00000000 00000000
GPR16: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
GPR24: 00000000 C02C32F8 C0180000 C02C3200 C02C32C4 C0179840 C3FCFED8 C3BFE9C0
Call backtrace:
C0089F88 C008CA94 C00064BC
Kernel panic: Aiee, killing interrupt handler!
In interrupt handler - not syncing
------- Additional Comments From XXXXX 2002-01-16 00:35 -------
Oh yeah, this was about 2 seconds after starting an FTP of [large file]
------- Additional Comments From Adam Wozniak 2002-01-16 10:27 -------
[awozniak at rangers linux]$ findmap C0089FDC C0089F88 C008CA94 C00064BC
closest to c0089fdc :: c0089da4 T jffs2_garbage_collect_pass (plus 568 of 1500)
closest to c0089f88 :: c0089da4 T jffs2_garbage_collect_pass (plus 484 of 1500)
closest to c008ca94 :: c008c864 t jffs2_garbage_collect_thread (plus 560 of 564)
closest to c00064bc :: c0006490 T kernel_thread (plus 44 of 56)
------- Additional Comments From Adam Wozniak 2002-01-16 11:24 -------
316 0350 40820014 bc 4,2,.L1068
317 0354 801A0000 lwz 0,irq_stat at l(26)
318 0358 2C000000 cmpwi 0,0,0
319 035c 41820008 bc 12,2,.L1068
320 0360 48000001 bl do_softirq
321 .L1068:
322 0364 7FE4FB78 mr 4,31
323 0368 7F83E378 mr 3,28
324 036c 48000001 bl jffs2_mark_node_obsolete
325 0370 480002E0 b .L1080
326 .L1066:
327 0374 7FE4FB78 mr 4,31
328 0378 3B7CFF3C addi 27,28,-196
329 .L1083:
330 037c 80840000 lwz 4,0(4)
331 0380 80040000 lwz 0,0(4) // 0x148 + 568 == 0x380
332 0384 2C000000 cmpwi 0,0,0
333 0388 4082FFF4 bc 4,2,.L1083
334 038c 83A4000C lwz 29,12(4)
335 0390 3C600000 lis 3,.LC17 at ha
336 0394 386303B4 la 3,.LC17 at l(3)
337 0398 7FA4EB78 mr 4,29
338 039c 48000001 bl printk
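An added example, not code from the post or from the MTD tree, that automates the two lookups done by hand above: find the nearest preceding symbol for each backtrace address, check that the offset actually falls inside that symbol's size, and map the in-function offset onto the assembler listing (listing offset = 0x148 + NIP offset, as computed in the comment). The symbol table contains only the three symbols findmap reported; the listing excerpt is the four lines around the faulting load.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* System.map-style symbol table (address, type, name) plus symbol size.
   The three entries and their sizes are the ones findmap printed above. */
struct sym { uint32_t addr; char type; const char *name; uint32_t size; };
static const struct sym symtab[] = {
    { 0xc0006490, 'T', "kernel_thread",                 56 },
    { 0xc0089da4, 'T', "jffs2_garbage_collect_pass",  1500 },
    { 0xc008c864, 't', "jffs2_garbage_collect_thread", 564 },
};
#define NSYMS (sizeof symtab / sizeof symtab[0])

/* Like findmap: the symbol with the greatest address <= target.
   Returns NULL if target precedes every symbol; *off = target - sym.addr. */
const struct sym *closest_sym(uint32_t target, uint32_t *off)
{
    const struct sym *best = NULL;
    for (size_t i = 0; i < NSYMS; i++)
        if (symtab[i].addr <= target && (!best || symtab[i].addr > best->addr))
            best = &symtab[i];
    if (best) *off = target - best->addr;
    return best;
}

/* An offset past the symbol's size means padding or an unlisted symbol:
   the attribution must not be trusted. */
int offset_in_sym(const struct sym *s, uint32_t off) { return s && off < s->size; }

/* Constructed excerpt of the gcc assembler listing quoted above; columns
   are: listing line, offset within the object's .text, opcode, instruction. */
static const char *listing =
    "330 037c 80840000 lwz 4,0(4)\n"
    "331 0380 80040000 lwz 0,0(4)\n"
    "332 0384 2C000000 cmpwi 0,0,0\n"
    "333 0388 4082FFF4 bc 4,2,.L1083\n";

/* Map an in-function offset to a listing line: the function starts at
   func_base in the object (0x148 for jffs2_garbage_collect_pass), so the
   instruction sits at func_base + off. Returns 1 and fills out on a hit. */
int listing_insn(uint32_t func_base, uint32_t off, char *out, size_t outlen)
{
    for (const char *p = listing; p && *p; p = (p = strchr(p, '\n')) ? p + 1 : NULL) {
        unsigned line, loff, opcode;
        char insn[64];
        if (sscanf(p, "%u %x %x %63[^\n]", &line, &loff, &opcode, insn) == 4
            && loff == func_base + off) {
            snprintf(out, outlen, "%s", insn);
            return 1;
        }
    }
    return 0;
}
```

Run against the four backtrace addresses it reproduces the findmap lines and lands on the `lwz 0,0(4)` that dereferenced GPR4 = 0x1360, the value in DAR.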
------- Additional Comments From Adam Wozniak 2002-01-16 11:26 -------
if (!raw->next_in_ino) {
    /* Inode-less node. Clean marker, snapshot or something like tha
    spin_unlock_bh(&c->erase_completion_lock);
    jffs2_mark_node_obsolete(c, raw);
    goto eraseit_lock;
}
inum = jffs2_raw_ref_to_inum(raw); // <-- HERE
D1(printk(KERN_DEBUG "Inode number is #%u\n", inum));
spin_unlock_bh(&c->erase_completion_lock);
D1(printk(KERN_DEBUG "jffs2_garbage_collect_pass collecting from block @
inode = iget(OFNI_BS_2SFFJ(c), inum);
------- Additional Comments From Adam Wozniak 2002-01-16 11:33 -------
static inline int jffs2_raw_ref_to_inum(struct jffs2_raw_node_ref *raw)
{
    while(raw->next_in_ino) {    // <-- maybe HERE
        raw = raw->next_in_ino;  // <-- maybe HERE
    }
    return ((struct jffs2_inode_cache *)raw)->ino;
}
------- Additional Comments From Adam Wozniak 2002-01-16 11:54 -------
DSISR indicates this was a "load" operation, not a "store".
(obvious, consistent with crash as indicated).
Likely result of bad pointer dereference.
--
Adam Wozniak (KG6GZR) COM DEV Wireless - Digital and Software Systems
awozniak at comdev.cc 3450 Broad St. 107, San Luis Obispo, CA 93401
http://www.comdev.cc
Voice: (805) 544-1089 Fax: (805) 544-2055